HighProventia Desktop, Proventia Network IPS, RealSecure Desktop Protector 3.6, BlackICE Server Protection, BlackICE PC Protection, BlackICE Agent for Server, RealSecure Network, RealSecure Server Sensor, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This signature detects a malicious web page with shellcode inside of Javascript.
High
Proventia Desktop: 8.0.675.1720, Proventia Network IPS: XPU 1.72, RealSecure Desktop Protector 3.6: epd, RealSecure Desktop: epd, BlackICE Server Protection: 3.6.cpd, BlackICE PC Protection: 3.6cpd, BlackICE Agent for Server: 3.6epd, RealSecure Network: XPU 24.33, RealSecure Server Sensor: XPU 24.33, Proventia Network IDS: XPU 24.33, Proventia-G 1.1 and earlier: XPU 24.33, Proventia Network MFS: XPU 1.72, IBM Security Server Protection for Windows: 1.0.914.1720, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for Vmware: 1.0
IBM AIX, WindRiver BSDOS, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server
Suspicious Activity
Shell code consisting of the unescape function has been detected in JavaScript. The unescape function, which is used to unencode URL-encoded strings, has been detected.
This check is for informational purposes only.
nihonsoft.org Web site
unescape
http://research.nihonsoft.org/javascript/jsref/glob23.htm
ISS X-Force
Shellcode in JavaScript has been detected
http://www.iss.net/security_center/static/25447.php